summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Expand)Author
2014-10-05Fix memory leak in the error path of v2i_AUTHORITY_KEYID().Miod Vallat
2014-10-05compile with c89 (code / decl ordering); from Joakim.Tjernlund@transmode.seTheo de Raadt
2014-10-05Use more specific curves/formats naming for local variables inJoel Sing
2014-10-05Use tls1_get_curvelist() in ssl_add_clienthello_tlsext(), rather thanJoel Sing
2014-10-05Make tls1_get_formatlist() behave the same as tls1_get_curvelist() andJoel Sing
2014-10-03verify changes are major changeTed Unangst
2014-10-03Strip trailing new-lines from syslog messages. This avoids emptyAlexander Bluhm
2014-10-03Bump minor for ECHD auto and other recent changes.Joel Sing
2014-10-03Bump minor version for ECDH auto.Joel Sing
2014-10-03allow disabling hostname and cert verification separately.Ted Unangst
2014-10-03Allow "auto" to be specified as an ECDH curve name and make this theJoel Sing
2014-10-03Add support for automatic ephemeral EC keys.Joel Sing
2014-10-03Use string literals in printf style calls so gcc's -Wformat works.Doug Hogan
2014-10-02Fix a crash when there is text after a failed %Z conversion in strptime.Doug Hogan
2014-10-01openssl.cnf tweaks following recent changes to usr.bin/openssl:Stuart Henderson
2014-09-30Clean up EC cipher handling in ssl3_choose_cipher().Joel Sing
2014-09-29Bump major to 28, regen .pc and header with new version info.James Turner
2014-09-29Merge conflicts.James Turner
2014-09-29Update sqlite3 to 3.8.6. A list of changes are available here:James Turner
2014-09-29Previous fix (1.12) would cause a NULL pointer dereference in the error pathMiod Vallat
2014-09-29Move cipher configuration handling to the shared SSL configuration functionJoel Sing
2014-09-29Add an option that allows the enabled SSL protocols to be explicitlyJoel Sing
2014-09-29When freeing the config, explicitly call ressl_config_clear_keys() ratherJoel Sing
2014-09-29check_cert(): be sure to reset ctx->current_crl to NULL before freeing it.Miod Vallat
2014-09-29X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size toMiod Vallat
2014-09-29X509_VERIFY_PARAM_set1_name(): if invoked with NULL as the secondMiod Vallat
2014-09-28Wrap long lines and add missing argument name.Joel Sing
2014-09-28Bump minor after adding SSL_CTX_use_certificate_chain().Reyk Floeter
2014-09-28Provide a ressl config function that explicitly clears keys.Joel Sing
2014-09-28Add a new API function SSL_CTX_use_certificate_chain() that allows toReyk Floeter
2014-09-28X509v3_add_ext(): do not free stuff we did not allocate in the error path.Miod Vallat
2014-09-28X509_TRUST_add(): check X509_TRUST_get0() return value before dereferencing it,Miod Vallat
2014-09-28Someone (TM) thought it was smart to save memory by using malloc(1) andMiod Vallat
2014-09-28revamp the config interface to own memory. easier to use correctly withoutTed Unangst
2014-09-27Revert r1.5 and reenable assembler version of ghash now that it has beenMiod Vallat
2014-09-27Doh, rev 1.4 had left out one routine with both 32-bit and 64-bit code, whereMiod Vallat
2014-09-27Disable assembler code for ghash on hppa, causes wrong computations in someMiod Vallat
2014-09-27There is not much point checking ecdhp is not NULL... twice.Joel Sing
2014-09-27Check that the specified curve is one of the client preferences.Joel Sing
2014-09-27Explain why we deviate slightly from the PBKDF2 standard.Doug Hogan
2014-09-26X509_STORE_new(): do not leak memory upon error.Miod Vallat
2014-09-26X509_issuer_and_serial_hash(): do not leak memory if an error occurs duringMiod Vallat
2014-09-26X509at_add1_attr(): do not free stuff we did not allocate in the error path.Miod Vallat
2014-09-26Now that we have a static version of the default EC formats, also use itJoel Sing
2014-09-23Fix regression introduced in revision 1.15 by using strndup() instead ofMiod Vallat
2014-09-22Refactor and simplify the ECC extension handling. The existing codeJoel Sing
2014-09-22Also check the result from final_finish_mac() against finish_mac_length inJoel Sing
2014-09-22It is possible (although unlikely in practice) for peer_finish_md_len toJoel Sing
2014-09-21Document SSL_OP_TLSEXT_PADDING.Joel Sing
2014-09-21Move the TLS padding extension under an SSL_OP_TLSEXT_PADDING option, whichJoel Sing